REMARKABLE CALENDAR EVENTS, PHOTOSTREAM, AND ECLECTIC COMMENTARY BY A NATURALIST IN IDAHO

Saturday, November 19, 2005

Sony Rootkit Global Infection Maps

Dan Kaminsky at Doxpara Research is probing the extent of the Sony rootkit problem using cache-snooping techniques and has discovered 568,200 name servers with cached DNS queries related to the rootkit. When the Sony software installed on a computer attempts to contact the mother ship, it has to phone home via a Domain Name System (DNS) query. The query resides in the cache of the name server that handled it. Along comes Mr. Kaminsky, who tickles the cache, asks it if it has witnessed any queries related to the rootkit, and, Presto!

The really cool thing is the series of global maps Kaminsky has generated by geolocating the server IP data. The maps graphically show the extent of the infection worldwide. The most recent set of maps for the US, Europe, and Japan is here.
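The cache-snooping exchange described above, sketched as an added example (not Kaminsky's code and not part of the original post): it builds a query with recursion turned off, interprets the reply, and includes the check a resolver operator could use to spot such probes. The hostname `tracker.example`, the helper names, and the reply bytes are constructed placeholders; nothing is sent over the network.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_snoop_query(name, txid=0x1234):
    """A-record query with the RD (recursion desired) bit cleared, so the
    resolver answers only from what is already in its cache."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_snoop_probe(packet):
    """Resolver-side check: ordinary stub resolvers set RD=1, so a client
    query with RD=0 is the signature of a cache-snooping probe."""
    flags = struct.unpack("!H", packet[2:4])[0]
    return not flags & QR and not flags & RD

def classify_response(packet):
    """Interpret the resolver's reply to a non-recursive query."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("not a DNS response")
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"        # resolver does not serve this client
    if flags & AA:
        return "authoritative"  # server owns the zone; says nothing about its cache
    if rcode == 0 and ancount > 0:
        return "cached"         # a client of this resolver looked the name up
    return "not-cached"

def constructed_response(query, cached, rcode=0):
    """Build a sample reply offline (constructed data, not a capture)."""
    ancount = 1 if cached else 0
    header = query[:2] + struct.pack("!HHHHH", QR | RA | rcode, 1, ancount, 0, 0)
    answer = b""
    if cached:  # pointer to QNAME, type A, class IN, TTL 3000, 192.0.2.1
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 3000, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_snoop_query("tracker.example")  # placeholder hostname
    for cached in (True, False):
        print(cached, classify_response(constructed_response(q, cached)))
```

A resolver that refuses queries from outside its own client networks returns the `refused` case, which is why restricting who may query a recursive resolver also closes off this kind of measurement.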
